Bug 766906
| Summary: | Invalid Credentials when registering system via cli | |||
|---|---|---|---|---|
| Product: | Red Hat Satellite | Reporter: | Og Maciel <omaciel> | |
| Component: | katello-agent | Assignee: | Ivan Necas <inecas> | |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Katello QA List <katello-qa-list> | |
| Severity: | high | Docs Contact: | ||
| Priority: | unspecified | |||
| Version: | 6.0.1 | CC: | bkearney, hbrock, lzap, mmccune, tomckay | |
| Target Milestone: | Unspecified | Keywords: | Triaged | |
| Target Release: | Unused | |||
| Hardware: | Unspecified | |||
| OS: | Unspecified | |||
| Whiteboard: | ||||
| Fixed In Version: | Doc Type: | Bug Fix | ||
| Doc Text: | Story Points: | --- | ||
| Clone Of: | ||||
| : | 768390 (view as bug list) | Environment: | ||
| Last Closed: | 2012-08-22 18:12:57 UTC | Type: | --- | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | 754934, 757775, 767989 | |||
| Bug Blocks: | 747354 | |||
|
Description
Og Maciel
2011-12-12 19:20:58 UTC
katello's log:
Started GET "/katello//api/consumers/c44d088b-7c40-4b62-8261-9cc840d4d737" for 10.16.120.146 at Mon Dec 12 13:55:32 -0500 2011
Processing by Api::SystemsController#show as JSON
Parameters: {"id"=>"c44d088b-7c40-4b62-8261-9cc840d4d737", "_json"=>nil}
Completed in 5ms
Processing by FailedAuthenticationController#unauthenticated_api as JSON
Parameters: {"auth_username"=>"Bloomberg", "id"=>"c44d088b-7c40-4b62-8261-9cc840d4d737", "auth_password"=>"[FILTERED]", "_json"=>nil}
Request is unauthenticated_api for 127.0.0.1
Completed 401 Unauthorized in 1ms (Views: 0.5ms | ActiveRecord: 0.4ms)
Started POST "/katello//api/consumers/" for 10.16.120.146 at Mon Dec 12 14:34:58 -0500 2011
Processing by Api::SystemsController#create as JSON
Parameters: {"facts"=>{"dmi.bios.relase_date"=>"01/01/2007", "net.interface.lo.ipaddr"=>"127.0.0.1", "network.hostname"=>"client-og-1.usersys.redhat.com", "cpu.hypervisor_vendor"=>"KVM", "system.entitlements_valid"=>false, "dmi.memory.type"=>"RAM", "dmi.bios.address"=>"0xe8000", "net.interface.eth2.broadcast"=>"10.16.120.255", "dmi.bios.runtime_size"=>"96 KB", "distribution.id"=>"Santiago", "dmi.memory.maximum_capacity"=>"3 GB", "dmi.chassis.asset_tag"=>"Not Specified", "dmi.memory.bank_locator"=>"Not Specified", "cpu.virtualization_type"=>"full", "dmi.system.wake-up_type"=>"Power Switch", "dmi.chassis.boot-up_state"=>"Safe", "distribution.name"=>"Red Hat Enterprise Linux Server", "cpu.thread(s)_per_core"=>"1", "dmi.chassis.manufacturer"=>"Red Hat", "dmi.bios.bios_revision"=>"1.0", "dmi.chassis.version"=>"Not Specified", "distribution.version"=>"6.1", "uname.version"=>"#1 SMP Tue May 10 15:42:40 EDT 2011", "net.interface.lo.hwaddr"=>"00:00:00:00:00:00", "dmi.memory.error_correction_type"=>"Multi-bit ECC", "dmi.bios.vendor"=>"Seabios", "dmi.memory.locator"=>"DIMM 0", "dmi.system.manufacturer"=>"Red Hat", "net.interface.eth2.hwaddr"=>"52:54:00:fc:ba:e4", "dmi.chassis.serial_number"=>"Not Specified", "dmi.bios.rom_size"=>"64 KB", "cpu.stepping"=>"3", "uname.release"=>"2.6.32-131.0.15.el6.x86_64", "dmi.system.uuid"=>"cde1a796-c280-08fe-fd33-083cca9c8db7", "dmi.memory.array_handle"=>"0x1000", "cpu.cpu_op-mode(s)"=>"32-bit, 64-bit", "dmi.memory.data_width"=>"64 bit", "memory.swaptotal"=>"4128760", "net.interface.lo.broadcast"=>"0.0.0.0", "dmi.chassis.lock"=>"Not Present", "cpu.cpu_mhz"=>"2133.266", "dmi.memory.speed"=>" (ns)", "net.interface.eth2.ipaddr"=>"10.16.120.146", "uname.machine"=>"x86_64", "dmi.memory.form_factor"=>"DIMM", "dmi.memory.total_width"=>"64 bit", "cpu.l1d_cache"=>"32K", "virt.is_guest"=>true, "cpu.cpu(s)"=>"2", "net.interface.lo.netmask"=>"255.0.0.0", "dmi.memory.error_information_handle"=>"Not Provided", "net.interface.eth2.netmask"=>"255.255.255.0", "cpu.architecture"=>"x86_64", "cpu.vendor_id"=>"GenuineIntel", "dmi.processor.upgrade"=>"Other", "dmi.system.sku_number"=>"Not Specified", "cpu.bogomips"=>"4266.53", "dmi.memory.location"=>"Other", "dmi.chassis.thermal_state"=>"Safe", "cpu.l2_cache"=>"4096K", "dmi.system.serial_number"=>"Not Specified", "cpu.cpu_socket(s)"=>"2", "dmi.processor.voltage"=>" ", "uname.sysname"=>"Linux", "dmi.system.family"=>"Red Hat Enterprise Linux", "cpu.model"=>"13", "uname.nodename"=>"client-og-1.usersys.redhat.com", "dmi.processor.version"=>"Not Specified", "dmi.chassis.power_supply_state"=>"Safe", "dmi.memory.use"=>"System Memory", "dmi.system.version"=>"RHEL 6.1.0 PC", "memory.memtotal"=>"3090056", "cpu.on-line_cpu(s)_list"=>"0,1", "dmi.system.status"=>"No errors detected", "dmi.bios.version"=>"0.5.1", "cpu.numa_node(s)"=>"1", "dmi.chassis.security_status"=>"Unknown", "virt.host_type"=>"kvm", "cpu.l1i_cache"=>"32K", "dmi.system.product_name"=>"KVM", "dmi.chassis.type"=>"Other", "dmi.processor.type"=>"Central Processor", "dmi.processor.socket_designation"=>"CPU 1", "cpu.byte_order"=>"Little Endian", "dmi.processor.status"=>"Populated:Enabled", "cpu.numa_node0_cpu(s)"=>"0,1", "cpu.core(s)_per_socket"=>"1", "dmi.memory.size"=>"3072 MB", "network.ipaddr"=>"127.0.0.1", "dmi.processor.family"=>"Other", "cpu.cpu_family"=>"6"}, "name"=>"client-og-1.usersys.redhat.com", "type"=>"system"}
Completed in 5ms
Processing by FailedAuthenticationController#unauthenticated_api as JSON
Parameters: {"facts"=>{"dmi.bios.relase_date"=>"01/01/2007", "net.interface.lo.ipaddr"=>"127.0.0.1", "network.hostname"=>"client-og-1.usersys.redhat.com", "cpu.hypervisor_vendor"=>"KVM", "system.entitlements_valid"=>false, "dmi.memory.type"=>"RAM", "dmi.bios.address"=>"0xe8000", "net.interface.eth2.broadcast"=>"10.16.120.255", "dmi.bios.runtime_size"=>"96 KB", "distribution.id"=>"Santiago", "dmi.memory.maximum_capacity"=>"3 GB", "dmi.chassis.asset_tag"=>"Not Specified", "dmi.memory.bank_locator"=>"Not Specified", "cpu.virtualization_type"=>"full", "dmi.system.wake-up_type"=>"Power Switch", "dmi.chassis.boot-up_state"=>"Safe", "distribution.name"=>"Red Hat Enterprise Linux Server", "cpu.thread(s)_per_core"=>"1", "dmi.chassis.manufacturer"=>"Red Hat", "dmi.bios.bios_revision"=>"1.0", "dmi.chassis.version"=>"Not Specified", "distribution.version"=>"6.1", "uname.version"=>"#1 SMP Tue May 10 15:42:40 EDT 2011", "net.interface.lo.hwaddr"=>"00:00:00:00:00:00", "dmi.memory.error_correction_type"=>"Multi-bit ECC", "dmi.bios.vendor"=>"Seabios", "dmi.memory.locator"=>"DIMM 0", "dmi.system.manufacturer"=>"Red Hat", "net.interface.eth2.hwaddr"=>"52:54:00:fc:ba:e4", "dmi.chassis.serial_number"=>"Not Specified", "dmi.bios.rom_size"=>"64 KB", "cpu.stepping"=>"3", "uname.release"=>"2.6.32-131.0.15.el6.x86_64", "dmi.system.uuid"=>"cde1a796-c280-08fe-fd33-083cca9c8db7", "dmi.memory.array_handle"=>"0x1000", "cpu.cpu_op-mode(s)"=>"32-bit, 64-bit", "dmi.memory.data_width"=>"64 bit", "memory.swaptotal"=>"4128760", "net.interface.lo.broadcast"=>"0.0.0.0", "dmi.chassis.lock"=>"Not Present", "cpu.cpu_mhz"=>"2133.266", "dmi.memory.speed"=>" (ns)", "net.interface.eth2.ipaddr"=>"10.16.120.146", "uname.machine"=>"x86_64", "dmi.memory.form_factor"=>"DIMM", "dmi.memory.total_width"=>"64 bit", "cpu.l1d_cache"=>"32K", "virt.is_guest"=>true, "cpu.cpu(s)"=>"2", "net.interface.lo.netmask"=>"255.0.0.0", "dmi.memory.error_information_handle"=>"Not Provided", "net.interface.eth2.netmask"=>"255.255.255.0", "cpu.architecture"=>"x86_64", "cpu.vendor_id"=>"GenuineIntel", "dmi.processor.upgrade"=>"Other", "dmi.system.sku_number"=>"Not Specified", "cpu.bogomips"=>"4266.53", "dmi.memory.location"=>"Other", "dmi.chassis.thermal_state"=>"Safe", "cpu.l2_cache"=>"4096K", "dmi.system.serial_number"=>"Not Specified", "cpu.cpu_socket(s)"=>"2", "dmi.processor.voltage"=>" ", "uname.sysname"=>"Linux", "dmi.system.family"=>"Red Hat Enterprise Linux", "cpu.model"=>"13", "uname.nodename"=>"client-og-1.usersys.redhat.com", "dmi.processor.version"=>"Not Specified", "dmi.chassis.power_supply_state"=>"Safe", "dmi.memory.use"=>"System Memory", "dmi.system.version"=>"RHEL 6.1.0 PC", "memory.memtotal"=>"3090056", "cpu.on-line_cpu(s)_list"=>"0,1", "dmi.system.status"=>"No errors detected", "dmi.bios.version"=>"0.5.1", "cpu.numa_node(s)"=>"1", "dmi.chassis.security_status"=>"Unknown", "virt.host_type"=>"kvm", "cpu.l1i_cache"=>"32K", "dmi.system.product_name"=>"KVM", "dmi.chassis.type"=>"Other", "dmi.processor.type"=>"Central Processor", "dmi.processor.socket_designation"=>"CPU 1", "cpu.byte_order"=>"Little Endian", "dmi.processor.status"=>"Populated:Enabled", "cpu.numa_node0_cpu(s)"=>"0,1", "cpu.core(s)_per_socket"=>"1", "dmi.memory.size"=>"3072 MB", "network.ipaddr"=>"127.0.0.1", "dmi.processor.family"=>"Other", "cpu.cpu_family"=>"6"}, "name"=>"client-og-1.usersys.redhat.com", "auth_username"=>"Bloomberg", "type"=>"system", "auth_password"=>"[FILTERED]"}
Request is unauthenticated_api for 127.0.0.1
Completed 401 Unauthorized in 1ms (Views: 0.4ms | ActiveRecord: 0.7ms)
Started GET "/katello//notices/get_new?_=1323718502165" for 10.11.231.56 at Mon Dec 12 14:35:05 -0500 2011
Processing by NoticesController#get_new as JSON
Parameters: {"_"=>"1323718502165"}
Completed 200 OK in 8ms (Views: 0.5ms | ActiveRecord: 1.5ms)
We will be working on complete audit of all API permissions. A read-only user can register a system (POST /api/consumers) but it then fails on saving packages (PUT /api/consumers/$id/packages). @Og: [root@ofed ~]# subscription-manager register --username user --password useruser --org ACME_Corporation --env env --force The system with UUID 3b384ad5-1ff2-4aac-8fbd-663d006f353d has been unregistered The system has been registered with id: 7b14ac3e-ba12-4280-9194-f02c44819cfb [root@ofed ~]# rpm -q katello katello-0.1.187-1.git.1.2d46557.el6.noarch ^^^ fixed in this version @Tom: This has also been fixed today. The same version should work too. Lukas, I was working with Og to try and reproduce this issue and we hit a confusion situation. His user as outlined above fails to register repeatedly with "invalid credentials": [root@dhcp77-156 ca]# subscription-manager register --force --username=Bloomberg --password=**** Invalid credentials but I created a duplicate user with the same default Org and Environment and registration worked fine: [root@dhcp77-156 ca]# subscription-manager register --force --username=mmccune --password=password [root@dhcp77-156 ca]# we couldn't see anything different about the 2 users and I'm not sure why one account works and the other doesn't. The only difference we finally managed to find out what the version of subscription-manager installed in the client. For Mike, subscription-manager-0.96.17-1.el6.x86_64 worked. But for me, subscription-manager-0.95.11-1.el6.x86_64, did not. Verbose log:
Setting current user thread-local variable to nil
Completed 200 OK in 50ms (Views: 1.7ms | ActiveRecord: 111.2ms)
SQL (0.5ms) SHOW client_min_messages
SQL (0.1ms) SET client_min_messages TO 'panic'
SQL (0.2ms) SET standard_conforming_strings = on
SQL (0.1ms) SET client_min_messages TO 'notice'
SQL (0.8ms) SET time zone 'UTC'
SQL (0.1ms) SHOW TIME ZONE
PK and serial sequence (9.7ms) SELECT attr.attname, seq.relname
FROM pg_class seq,
pg_attribute attr,
pg_depend dep,
pg_namespace name,
pg_constraint cons
WHERE seq.oid = dep.objid
AND seq.relkind = 'S'
AND attr.attrelid = dep.refobjid
AND attr.attnum = dep.refobjsubid
AND attr.attrelid = cons.conrelid
AND attr.attnum = cons.conkey[1]
AND cons.contype = 'p'
AND dep.refobjid = '"changesets_products"'::regclass
PK and custom sequence (10.2ms) SELECT attr.attname,
CASE
WHEN split_part(def.adsrc, '''', 2) ~ '.' THEN
substr(split_part(def.adsrc, '''', 2),
strpos(split_part(def.adsrc, '''', 2), '.')+1)
ELSE split_part(def.adsrc, '''', 2)
END
FROM pg_class t
JOIN pg_attribute attr ON (t.oid = attrelid)
JOIN pg_attrdef def ON (adrelid = attrelid AND adnum = attnum)
JOIN pg_constraint cons ON (conrelid = adrelid AND adnum = conkey[1])
WHERE t.oid = '"changesets_products"'::regclass
AND cons.contype = 'p'
AND def.adsrc ~* 'nextval'
PK and serial sequence (5.5ms) SELECT attr.attname, seq.relname
FROM pg_class seq,
pg_attribute attr,
pg_depend dep,
pg_namespace name,
pg_constraint cons
WHERE seq.oid = dep.objid
AND seq.relkind = 'S'
AND attr.attrelid = dep.refobjid
AND attr.attnum = dep.refobjsubid
AND attr.attrelid = cons.conrelid
AND attr.attnum = cons.conkey[1]
AND cons.contype = 'p'
AND dep.refobjid = '"changesets_system_templates"'::regclass
PK and custom sequence (1.7ms) SELECT attr.attname,
CASE
WHEN split_part(def.adsrc, '''', 2) ~ '.' THEN
substr(split_part(def.adsrc, '''', 2),
strpos(split_part(def.adsrc, '''', 2), '.')+1)
ELSE split_part(def.adsrc, '''', 2)
END
FROM pg_class t
JOIN pg_attribute attr ON (t.oid = attrelid)
JOIN pg_attrdef def ON (adrelid = attrelid AND adnum = attnum)
JOIN pg_constraint cons ON (conrelid = adrelid AND adnum = conkey[1])
WHERE t.oid = '"changesets_system_templates"'::regclass
AND cons.contype = 'p'
AND def.adsrc ~* 'nextval'
PK and serial sequence (5.8ms) SELECT attr.attname, seq.relname
FROM pg_class seq,
pg_attribute attr,
pg_depend dep,
pg_namespace name,
pg_constraint cons
WHERE seq.oid = dep.objid
AND seq.relkind = 'S'
AND attr.attrelid = dep.refobjid
AND attr.attnum = dep.refobjsubid
AND attr.attrelid = cons.conrelid
AND attr.attnum = cons.conkey[1]
AND cons.contype = 'p'
AND dep.refobjid = '"changesets_repositories"'::regclass
PK and custom sequence (1.6ms) SELECT attr.attname,
CASE
WHEN split_part(def.adsrc, '''', 2) ~ '.' THEN
substr(split_part(def.adsrc, '''', 2),
strpos(split_part(def.adsrc, '''', 2), '.')+1)
ELSE split_part(def.adsrc, '''', 2)
END
FROM pg_class t
JOIN pg_attribute attr ON (t.oid = attrelid)
JOIN pg_attrdef def ON (adrelid = attrelid AND adnum = attnum)
JOIN pg_constraint cons ON (conrelid = adrelid AND adnum = conkey[1])
WHERE t.oid = '"changesets_repositories"'::regclass
AND cons.contype = 'p'
AND def.adsrc ~* 'nextval'
PK and serial sequence (5.3ms) SELECT attr.attname, seq.relname
FROM pg_class seq,
pg_attribute attr,
pg_depend dep,
pg_namespace name,
pg_constraint cons
WHERE seq.oid = dep.objid
AND seq.relkind = 'S'
AND attr.attrelid = dep.refobjid
AND attr.attnum = dep.refobjsubid
AND attr.attrelid = cons.conrelid
AND attr.attnum = cons.conkey[1]
AND cons.contype = 'p'
AND dep.refobjid = '"filters_products"'::regclass
PK and custom sequence (1.6ms) SELECT attr.attname,
CASE
WHEN split_part(def.adsrc, '''', 2) ~ '.' THEN
substr(split_part(def.adsrc, '''', 2),
strpos(split_part(def.adsrc, '''', 2), '.')+1)
ELSE split_part(def.adsrc, '''', 2)
END
FROM pg_class t
JOIN pg_attribute attr ON (t.oid = attrelid)
JOIN pg_attrdef def ON (adrelid = attrelid AND adnum = attnum)
JOIN pg_constraint cons ON (conrelid = adrelid AND adnum = conkey[1])
WHERE t.oid = '"filters_products"'::regclass
AND cons.contype = 'p'
AND def.adsrc ~* 'nextval'
PK and serial sequence (6.5ms) SELECT attr.attname, seq.relname
FROM pg_class seq,
pg_attribute attr,
pg_depend dep,
pg_namespace name,
pg_constraint cons
WHERE seq.oid = dep.objid
AND seq.relkind = 'S'
AND attr.attrelid = dep.refobjid
AND attr.attnum = dep.refobjsubid
AND attr.attrelid = cons.conrelid
AND attr.attnum = cons.conkey[1]
AND cons.contype = 'p'
AND dep.refobjid = '"environment_priors"'::regclass
PK and custom sequence (1.3ms) SELECT attr.attname,
CASE
WHEN split_part(def.adsrc, '''', 2) ~ '.' THEN
substr(split_part(def.adsrc, '''', 2),
strpos(split_part(def.adsrc, '''', 2), '.')+1)
ELSE split_part(def.adsrc, '''', 2)
END
FROM pg_class t
JOIN pg_attribute attr ON (t.oid = attrelid)
JOIN pg_attrdef def ON (adrelid = attrelid AND adnum = attnum)
JOIN pg_constraint cons ON (conrelid = adrelid AND adnum = conkey[1])
WHERE t.oid = '"environment_priors"'::regclass
AND cons.contype = 'p'
AND def.adsrc ~* 'nextval'
PK and serial sequence (5.3ms) SELECT attr.attname, seq.relname
FROM pg_class seq,
pg_attribute attr,
pg_depend dep,
pg_namespace name,
pg_constraint cons
WHERE seq.oid = dep.objid
AND seq.relkind = 'S'
AND attr.attrelid = dep.refobjid
AND attr.attnum = dep.refobjsubid
AND attr.attrelid = cons.conrelid
AND attr.attnum = cons.conkey[1]
AND cons.contype = 'p'
AND dep.refobjid = '"environment_priors"'::regclass
PK and custom sequence (1.3ms) SELECT attr.attname,
CASE
WHEN split_part(def.adsrc, '''', 2) ~ '.' THEN
substr(split_part(def.adsrc, '''', 2),
strpos(split_part(def.adsrc, '''', 2), '.')+1)
ELSE split_part(def.adsrc, '''', 2)
END
FROM pg_class t
JOIN pg_attribute attr ON (t.oid = attrelid)
JOIN pg_attrdef def ON (adrelid = attrelid AND adnum = attnum)
JOIN pg_constraint cons ON (conrelid = adrelid AND adnum = conkey[1])
WHERE t.oid = '"environment_priors"'::regclass
AND cons.contype = 'p'
AND def.adsrc ~* 'nextval'
PK and serial sequence (2.4ms) SELECT attr.attname, seq.relname
FROM pg_class seq,
pg_attribute attr,
pg_depend dep,
pg_namespace name,
pg_constraint cons
WHERE seq.oid = dep.objid
AND seq.relkind = 'S'
AND attr.attrelid = dep.refobjid
AND attr.attnum = dep.refobjsubid
AND attr.attrelid = cons.conrelid
AND attr.attnum = cons.conkey[1]
AND cons.contype = 'p'
AND dep.refobjid = '"filters_products"'::regclass
PK and custom sequence (1.2ms) SELECT attr.attname,
CASE
WHEN split_part(def.adsrc, '''', 2) ~ '.' THEN
substr(split_part(def.adsrc, '''', 2),
strpos(split_part(def.adsrc, '''', 2), '.')+1)
ELSE split_part(def.adsrc, '''', 2)
END
FROM pg_class t
JOIN pg_attribute attr ON (t.oid = attrelid)
JOIN pg_attrdef def ON (adrelid = attrelid AND adnum = attnum)
JOIN pg_constraint cons ON (conrelid = adrelid AND adnum = conkey[1])
WHERE t.oid = '"filters_products"'::regclass
AND cons.contype = 'p'
AND def.adsrc ~* 'nextval'
PK and serial sequence (4.0ms) SELECT attr.attname, seq.relname
FROM pg_class seq,
pg_attribute attr,
pg_depend dep,
pg_namespace name,
pg_constraint cons
WHERE seq.oid = dep.objid
AND seq.relkind = 'S'
AND attr.attrelid = dep.refobjid
AND attr.attnum = dep.refobjsubid
AND attr.attrelid = cons.conrelid
AND attr.attnum = cons.conkey[1]
AND cons.contype = 'p'
AND dep.refobjid = '"changesets_products"'::regclass
PK and custom sequence (1.5ms) SELECT attr.attname,
CASE
WHEN split_part(def.adsrc, '''', 2) ~ '.' THEN
substr(split_part(def.adsrc, '''', 2),
strpos(split_part(def.adsrc, '''', 2), '.')+1)
ELSE split_part(def.adsrc, '''', 2)
END
FROM pg_class t
JOIN pg_attribute attr ON (t.oid = attrelid)
JOIN pg_attrdef def ON (adrelid = attrelid AND adnum = attnum)
JOIN pg_constraint cons ON (conrelid = adrelid AND adnum = conkey[1])
WHERE t.oid = '"changesets_products"'::regclass
AND cons.contype = 'p'
AND def.adsrc ~* 'nextval'
SQL (2.4ms) SELECT tablename
FROM pg_tables
WHERE schemaname = ANY (current_schemas(false))
SQL (1.0ms) SELECT a.attname, format_type(a.atttypid, a.atttypmod), d.adsrc, a.attnotnull
FROM pg_attribute a LEFT JOIN pg_attrdef d
ON a.attrelid = d.adrelid AND a.attnum = d.adnum
WHERE a.attrelid = '"organizations"'::regclass
AND a.attnum > 0 AND NOT a.attisdropped
ORDER BY a.attnum
PK and serial sequence (5.1ms) SELECT attr.attname, seq.relname
FROM pg_class seq,
pg_attribute attr,
pg_depend dep,
pg_namespace name,
pg_constraint cons
WHERE seq.oid = dep.objid
AND seq.relkind = 'S'
AND attr.attrelid = dep.refobjid
AND attr.attnum = dep.refobjsubid
AND attr.attrelid = cons.conrelid
AND attr.attnum = cons.conkey[1]
AND cons.contype = 'p'
AND dep.refobjid = '"permissions_verbs"'::regclass
PK and custom sequence (1.3ms) SELECT attr.attname,
CASE
WHEN split_part(def.adsrc, '''', 2) ~ '.' THEN
substr(split_part(def.adsrc, '''', 2),
strpos(split_part(def.adsrc, '''', 2), '.')+1)
ELSE split_part(def.adsrc, '''', 2)
END
FROM pg_class t
JOIN pg_attribute attr ON (t.oid = attrelid)
JOIN pg_attrdef def ON (adrelid = attrelid AND adnum = attnum)
JOIN pg_constraint cons ON (conrelid = adrelid AND adnum = conkey[1])
WHERE t.oid = '"permissions_verbs"'::regclass
AND cons.contype = 'p'
AND def.adsrc ~* 'nextval'
SQL (2.3ms) SELECT a.attname, format_type(a.atttypid, a.atttypmod), d.adsrc, a.attnotnull
FROM pg_attribute a LEFT JOIN pg_attrdef d
ON a.attrelid = d.adrelid AND a.attnum = d.adnum
WHERE a.attrelid = '"providers"'::regclass
AND a.attnum > 0 AND NOT a.attisdropped
ORDER BY a.attnum
PK and serial sequence (2.4ms) SELECT attr.attname, seq.relname
FROM pg_class seq,
pg_attribute attr,
pg_depend dep,
pg_namespace name,
pg_constraint cons
WHERE seq.oid = dep.objid
AND seq.relkind = 'S'
AND attr.attrelid = dep.refobjid
AND attr.attnum = dep.refobjsubid
AND attr.attrelid = cons.conrelid
AND attr.attnum = cons.conkey[1]
AND cons.contype = 'p'
AND dep.refobjid = '"changesets_repositories"'::regclass
PK and custom sequence (1.3ms) SELECT attr.attname,
CASE
WHEN split_part(def.adsrc, '''', 2) ~ '.' THEN
substr(split_part(def.adsrc, '''', 2),
strpos(split_part(def.adsrc, '''', 2), '.')+1)
ELSE split_part(def.adsrc, '''', 2)
END
FROM pg_class t
JOIN pg_attribute attr ON (t.oid = attrelid)
JOIN pg_attrdef def ON (adrelid = attrelid AND adnum = attnum)
JOIN pg_constraint cons ON (conrelid = adrelid AND adnum = conkey[1])
WHERE t.oid = '"changesets_repositories"'::regclass
AND cons.contype = 'p'
AND def.adsrc ~* 'nextval'
PK and serial sequence (2.1ms) SELECT attr.attname, seq.relname
FROM pg_class seq,
pg_attribute attr,
pg_depend dep,
pg_namespace name,
pg_constraint cons
WHERE seq.oid = dep.objid
AND seq.relkind = 'S'
AND attr.attrelid = dep.refobjid
AND attr.attnum = dep.refobjsubid
AND attr.attrelid = cons.conrelid
AND attr.attnum = cons.conkey[1]
AND cons.contype = 'p'
AND dep.refobjid = '"changesets_system_templates"'::regclass
PK and custom sequence (1.2ms) SELECT attr.attname,
CASE
WHEN split_part(def.adsrc, '''', 2) ~ '.' THEN
substr(split_part(def.adsrc, '''', 2),
strpos(split_part(def.adsrc, '''', 2), '.')+1)
ELSE split_part(def.adsrc, '''', 2)
END
FROM pg_class t
JOIN pg_attribute attr ON (t.oid = attrelid)
JOIN pg_attrdef def ON (adrelid = attrelid AND adnum = attnum)
JOIN pg_constraint cons ON (conrelid = adrelid AND adnum = conkey[1])
WHERE t.oid = '"changesets_system_templates"'::regclass
AND cons.contype = 'p'
AND def.adsrc ~* 'nextval'
PK and serial sequence (4.6ms) SELECT attr.attname, seq.relname
FROM pg_class seq,
pg_attribute attr,
pg_depend dep,
pg_namespace name,
pg_constraint cons
WHERE seq.oid = dep.objid
AND seq.relkind = 'S'
AND attr.attrelid = dep.refobjid
AND attr.attnum = dep.refobjsubid
AND attr.attrelid = cons.conrelid
AND attr.attnum = cons.conkey[1]
AND cons.contype = 'p'
AND dep.refobjid = '"products_system_templates"'::regclass
PK and custom sequence (1.3ms) SELECT attr.attname,
CASE
WHEN split_part(def.adsrc, '''', 2) ~ '.' THEN
substr(split_part(def.adsrc, '''', 2),
strpos(split_part(def.adsrc, '''', 2), '.')+1)
ELSE split_part(def.adsrc, '''', 2)
END
FROM pg_class t
JOIN pg_attribute attr ON (t.oid = attrelid)
JOIN pg_attrdef def ON (adrelid = attrelid AND adnum = attnum)
JOIN pg_constraint cons ON (conrelid = adrelid AND adnum = conkey[1])
WHERE t.oid = '"products_system_templates"'::regclass
AND cons.contype = 'p'
AND def.adsrc ~* 'nextval'
SQL (3.8ms) SELECT a.attname, format_type(a.atttypid, a.atttypmod), d.adsrc, a.attnotnull
FROM pg_attribute a LEFT JOIN pg_attrdef d
ON a.attrelid = d.adrelid AND a.attnum = d.adnum
WHERE a.attrelid = '"users"'::regclass
AND a.attnum > 0 AND NOT a.attisdropped
ORDER BY a.attnum
PK and serial sequence (5.4ms) SELECT attr.attname, seq.relname
FROM pg_class seq,
pg_attribute attr,
pg_depend dep,
pg_namespace name,
pg_constraint cons
WHERE seq.oid = dep.objid
AND seq.relkind = 'S'
AND attr.attrelid = dep.refobjid
AND attr.attnum = dep.refobjsubid
AND attr.attrelid = cons.conrelid
AND attr.attnum = cons.conkey[1]
AND cons.contype = 'p'
AND dep.refobjid = '"permissions_verbs"'::regclass
PK and custom sequence (1.4ms) SELECT attr.attname,
CASE
WHEN split_part(def.adsrc, '''', 2) ~ '.' THEN
substr(split_part(def.adsrc, '''', 2),
strpos(split_part(def.adsrc, '''', 2), '.')+1)
ELSE split_part(def.adsrc, '''', 2)
END
FROM pg_class t
JOIN pg_attribute attr ON (t.oid = attrelid)
JOIN pg_attrdef def ON (adrelid = attrelid AND adnum = attnum)
JOIN pg_constraint cons ON (conrelid = adrelid AND adnum = conkey[1])
WHERE t.oid = '"permissions_verbs"'::regclass
AND cons.contype = 'p'
AND def.adsrc ~* 'nextval'
Resource GET request: /candlepin/status
Headers: {}
Body: {}
Processing response: 200
{"version":"0.5.8","result":true,"standalone":true,"release":"1"}
Warning: Incorrect version , Expected 0.5.10-1, got 0.5.8-1
Started POST "/katello/api/consumers/" for 10.16.120.164 at Tue Jan 24 11:19:07 -0500 2012
Processing by Api::SystemsController#create as JSON
Parameters: {"facts"=>{"dmi.bios.relase_date"=>"01/01/2007", "net.interface.lo.ipaddr"=>"127.0.0.1", "network.hostname"=>"10-16-120-164.dhcp.rhq.lab.eng.bos.redhat.com", "cpu.hypervisor_vendor"=>"KVM", "system.entitlements_valid"=>false, "dmi.memory.type"=>"RAM", "dmi.bios.address"=>"0xe8000", "dmi.bios.runtime_size"=>"96 KB", "distribution.id"=>"Santiago", "dmi.memory.maximum_capacity"=>"2 GB", "dmi.chassis.asset_tag"=>"Not Specified", "dmi.memory.bank_locator"=>"Not Specified", "cpu.virtualization_type"=>"full", "net.interface.eth0.hwaddr"=>"52:54:00:81:85:8a", "dmi.system.wake-up_type"=>"Power Switch", "dmi.chassis.boot-up_state"=>"Safe", "distribution.name"=>"Red Hat Enterprise Linux Server", "cpu.thread(s)_per_core"=>"1", "dmi.chassis.manufacturer"=>"Red Hat", "dmi.bios.bios_revision"=>"1.0", "dmi.chassis.version"=>"Not Specified", "distribution.version"=>"6.1", "uname.version"=>"#1 SMP Tue May 10 15:42:40 EDT 2011", "net.interface.lo.hwaddr"=>"00:00:00:00:00:00", "dmi.bios.vendor"=>"Seabios", "dmi.memory.error_correction_type"=>"Multi-bit ECC", "dmi.memory.locator"=>"DIMM 0", "dmi.system.manufacturer"=>"Red Hat", "dmi.chassis.serial_number"=>"Not Specified", "dmi.bios.rom_size"=>"64 KB", "cpu.stepping"=>"3", "uname.release"=>"2.6.32-131.0.15.el6.x86_64", "dmi.system.uuid"=>"0268218e-241e-2312-fd30-fb3a84731fee", "dmi.memory.array_handle"=>"0x1000", "cpu.cpu_op-mode(s)"=>"32-bit, 64-bit", "net.interface.eth0.netmask"=>"255.255.255.0", "dmi.memory.data_width"=>"64 bit", "memory.swaptotal"=>"6160376", "net.interface.lo.broadcast"=>"0.0.0.0", "dmi.chassis.lock"=>"Not Present", "cpu.cpu_mhz"=>"2133.266", "dmi.memory.speed"=>" (ns)", "uname.machine"=>"x86_64", "dmi.memory.form_factor"=>"DIMM", "dmi.memory.total_width"=>"64 bit", "cpu.l1d_cache"=>"32K", "virt.is_guest"=>true, "cpu.cpu(s)"=>"1", "net.interface.lo.netmask"=>"255.0.0.0", "net.interface.eth0.broadcast"=>"10.16.120.255", "dmi.memory.error_information_handle"=>"Not Provided", "cpu.architecture"=>"x86_64", "cpu.vendor_id"=>"GenuineIntel", "dmi.processor.upgrade"=>"Other", "dmi.system.sku_number"=>"Not Specified", "cpu.bogomips"=>"4266.53", "dmi.memory.location"=>"Other", "dmi.chassis.thermal_state"=>"Safe", "cpu.l2_cache"=>"4096K", "dmi.system.serial_number"=>"Not Specified", "cpu.cpu_socket(s)"=>"1", "dmi.processor.voltage"=>" ", "uname.sysname"=>"Linux", "dmi.system.family"=>"Red Hat Enterprise Linux", "cpu.model"=>"13", "uname.nodename"=>"10-16-120-164.dhcp.rhq.lab.eng.bos.redhat.com", "dmi.processor.version"=>"Not Specified", "dmi.chassis.power_supply_state"=>"Safe", "dmi.memory.use"=>"System Memory", "dmi.system.version"=>"RHEL 6.1.0 PC", "memory.memtotal"=>"2055976", "cpu.on-line_cpu(s)_list"=>"0", "dmi.bios.version"=>"0.5.1", "dmi.system.status"=>"No errors detected", "cpu.numa_node(s)"=>"1", "dmi.chassis.security_status"=>"Unknown", "virt.host_type"=>"kvm", "cpu.l1i_cache"=>"32K", "dmi.system.product_name"=>"KVM", "dmi.chassis.type"=>"Other", "net.interface.eth0.ipaddr"=>"10.16.120.164", "dmi.processor.type"=>"Central Processor", "dmi.processor.socket_designation"=>"CPU 1", "cpu.byte_order"=>"Little Endian", "dmi.processor.status"=>"Populated:Enabled", "cpu.numa_node0_cpu(s)"=>"0", "cpu.core(s)_per_socket"=>"1", "dmi.memory.size"=>"2048 MB", "network.ipaddr"=>"10.16.120.164", "dmi.processor.family"=>"Other", "cpu.cpu_family"=>"6"}, "name"=>"10-16-120-164.dhcp.rhq.lab.eng.bos.redhat.com", "type"=>"system", "owner"=>"default"}
Setting locale: en
Warden is authenticating Bloomberg against database
SQL (1.2ms) SELECT a.attname, format_type(a.atttypid, a.atttypmod), d.adsrc, a.attnotnull
FROM pg_attribute a LEFT JOIN pg_attrdef d
ON a.attrelid = d.adrelid AND a.attnum = d.adnum
WHERE a.attrelid = '"users"'::regclass
AND a.attnum > 0 AND NOT a.attisdropped
ORDER BY a.attnum
User Load (0.8ms) SELECT "users".* FROM "users" WHERE "users"."username" = 'Bloomberg' LIMIT 1
SQL (0.7ms) SELECT a.attname, format_type(a.atttypid, a.atttypmod), d.adsrc, a.attnotnull
FROM pg_attribute a LEFT JOIN pg_attrdef d
ON a.attrelid = d.adrelid AND a.attnum = d.adnum
WHERE a.attrelid = '"users"'::regclass
AND a.attnum > 0 AND NOT a.attisdropped
ORDER BY a.attnum
Completed in 23ms
Processing by FailedAuthenticationController#unauthenticated_api as JSON
Parameters: {"facts"=>{"dmi.bios.relase_date"=>"01/01/2007", "net.interface.lo.ipaddr"=>"127.0.0.1", "network.hostname"=>"10-16-120-164.dhcp.rhq.lab.eng.bos.redhat.com", "cpu.hypervisor_vendor"=>"KVM", "system.entitlements_valid"=>false, "dmi.memory.type"=>"RAM", "dmi.bios.address"=>"0xe8000", "dmi.bios.runtime_size"=>"96 KB", "distribution.id"=>"Santiago", "dmi.memory.maximum_capacity"=>"2 GB", "dmi.chassis.asset_tag"=>"Not Specified", "dmi.memory.bank_locator"=>"Not Specified", "cpu.virtualization_type"=>"full", "net.interface.eth0.hwaddr"=>"52:54:00:81:85:8a", "dmi.system.wake-up_type"=>"Power Switch", "dmi.chassis.boot-up_state"=>"Safe", "distribution.name"=>"Red Hat Enterprise Linux Server", "cpu.thread(s)_per_core"=>"1", "dmi.chassis.manufacturer"=>"Red Hat", "dmi.bios.bios_revision"=>"1.0", "dmi.chassis.version"=>"Not Specified", "distribution.version"=>"6.1", "uname.version"=>"#1 SMP Tue May 10 15:42:40 EDT 2011", "net.interface.lo.hwaddr"=>"00:00:00:00:00:00", "dmi.bios.vendor"=>"Seabios", "dmi.memory.error_correction_type"=>"Multi-bit ECC", "dmi.memory.locator"=>"DIMM 0", "dmi.system.manufacturer"=>"Red Hat", "dmi.chassis.serial_number"=>"Not Specified", "dmi.bios.rom_size"=>"64 KB", "cpu.stepping"=>"3", "uname.release"=>"2.6.32-131.0.15.el6.x86_64", "dmi.system.uuid"=>"0268218e-241e-2312-fd30-fb3a84731fee", "dmi.memory.array_handle"=>"0x1000", "cpu.cpu_op-mode(s)"=>"32-bit, 64-bit", "net.interface.eth0.netmask"=>"255.255.255.0", "dmi.memory.data_width"=>"64 bit", "memory.swaptotal"=>"6160376", "net.interface.lo.broadcast"=>"0.0.0.0", "dmi.chassis.lock"=>"Not Present", "cpu.cpu_mhz"=>"2133.266", "dmi.memory.speed"=>" (ns)", "uname.machine"=>"x86_64", "dmi.memory.form_factor"=>"DIMM", "dmi.memory.total_width"=>"64 bit", "cpu.l1d_cache"=>"32K", "virt.is_guest"=>true, "cpu.cpu(s)"=>"1", "net.interface.lo.netmask"=>"255.0.0.0", "net.interface.eth0.broadcast"=>"10.16.120.255", "dmi.memory.error_information_handle"=>"Not Provided", "cpu.architecture"=>"x86_64", "cpu.vendor_id"=>"GenuineIntel", "dmi.processor.upgrade"=>"Other", "dmi.system.sku_number"=>"Not Specified", "cpu.bogomips"=>"4266.53", "dmi.memory.location"=>"Other", "dmi.chassis.thermal_state"=>"Safe", "cpu.l2_cache"=>"4096K", "dmi.system.serial_number"=>"Not Specified", "cpu.cpu_socket(s)"=>"1", "dmi.processor.voltage"=>" ", "uname.sysname"=>"Linux", "dmi.system.family"=>"Red Hat Enterprise Linux", "cpu.model"=>"13", "uname.nodename"=>"10-16-120-164.dhcp.rhq.lab.eng.bos.redhat.com", "dmi.processor.version"=>"Not Specified", "dmi.chassis.power_supply_state"=>"Safe", "dmi.memory.use"=>"System Memory", "dmi.system.version"=>"RHEL 6.1.0 PC", "memory.memtotal"=>"2055976", "cpu.on-line_cpu(s)_list"=>"0", "dmi.bios.version"=>"0.5.1", "dmi.system.status"=>"No errors detected", "cpu.numa_node(s)"=>"1", "dmi.chassis.security_status"=>"Unknown", "virt.host_type"=>"kvm", "cpu.l1i_cache"=>"32K", "dmi.system.product_name"=>"KVM", "dmi.chassis.type"=>"Other", "net.interface.eth0.ipaddr"=>"10.16.120.164", "dmi.processor.type"=>"Central Processor", "dmi.processor.socket_designation"=>"CPU 1", "cpu.byte_order"=>"Little Endian", "dmi.processor.status"=>"Populated:Enabled", "cpu.numa_node0_cpu(s)"=>"0", "cpu.core(s)_per_socket"=>"1", "dmi.memory.size"=>"2048 MB", "network.ipaddr"=>"10.16.120.164", "dmi.processor.family"=>"Other", "cpu.cpu_family"=>"6"}, "name"=>"10-16-120-164.dhcp.rhq.lab.eng.bos.redhat.com", "auth_username"=>"Bloomberg", "type"=>"system", "auth_password"=>"[FILTERED]", "owner"=>"default"}
Request is unauthenticated_api for 127.0.0.1
Completed 401 Unauthorized in 2ms (Views: 1.6ms | ActiveRecord: 105.4ms)
Started GET "/katello/notices/get_new?_=1327421992848" for 10.11.230.241 at Tue Jan 24 11:19:47 -0500 2012
Processing by NoticesController#get_new as JSON
Parameters: {"_"=>"1327421992848"}
User Load (0.7ms) SELECT "users".* FROM "users" WHERE "users"."id" = 1 LIMIT 1
Setting locale: en
Setting current user thread-local variable to admin
Notice Load (0.5ms) SELECT notices.id, text, level, request_type FROM "notices" INNER JOIN "user_notices" ON "user_notices"."notice_id" = "notices"."id" WHERE (user_notices.user_id = 1 AND user_notices.viewed = 'f')
UserNotice Load (0.3ms) SELECT "user_notices".* FROM "user_notices" WHERE ("user_notices".user_id = 1)
Setting current user thread-local variable to nil
Completed 200 OK in 8ms (Views: 0.5ms | ActiveRecord: 1.4ms)
It's most likely a bug in rhsm - we are receiving two extra characters in the password string:
>>> tclmeSRS�" <<<
It's some kind of unique sequence concatenated with quotes. In ACSCII this is:
tclmeSRS\357\277\275\"
We can't do anything with it in katello. I will ask RHSM guys first, we will see what is wrong.
Clue: the strange chars appear in password in case username is longer then 8 chars. e.g. user testtest should work, testtestt doesn't Okay so it turns out Apache httpd mangles Authorization http header for unknown reason! Rhsm sends this: Authorization: Basic Qmxvb21iZXJnOnRjbG1lU1JT but Apache adds ", Basic" to it: Authorization: Basic Qmxvb21iZXJnOnRjbG1lU1JT, Basic And Rails 3 decodes the header this way (https://github.com/rails/rails/blob/d65b76642637928f64c9aa092e305238eb3b6f4f/actionpack/lib/action_controller/metal/http_authentication.rb#L143): >> Base64.decode64('Basic Qmxvb21iZXJnOnRjbG1lU1JT, Basic'.split(' ', 2).last || '') => "Bloomberg:tclmeSRS\005\253\"" And that's the issue. Now, the only question is - is it a bug in httpd or rails? Looks like we need to read the RFC in this case :-) http://en.wikipedia.org/wiki/Basic_access_authentication So it looks like a httpd bug since either HTTP/1.0 or HTTP/1.1 does not support anything else than: Authorization: Basic BASE64_ENCODED_STUFF http://tools.ietf.org/html/rfc1945#section-11 http://tools.ietf.org/html/rfc2617#section-2 There is this line in /etc/httpd/conf.d/pulp.conf comming with pulp rpm: RequestHeader append Authorization "Basic" early This adds ", Basic" to our Authorization header. Removing this line seems to fix this issue. Ok Ivan recommends this in our puppet:
common::line { "don_not_touch_auth_headers":
file => "/etc/httpd/conf.d/pulp.conf",
line => "RequestHeader append Authorization "Basic" early",
before => Class["pulp::service"],
ensure => absent;
}
But James points out it will break yum, because repo auth code wont work without this header. We will need to come out with a different solution.
Maybe we could put that line into <Directory /var/www/pub/repos>, so that no other path's would be affected. James? Filed a BZ for that: https://bugzilla.redhat.com/show_bug.cgi?id=784638 Fixed in Pulp build: 0.265 Validated on: * katello-cli-common-0.1.44-2.el6.noarch * katello-certs-tools-1.0.2-2.el6.noarch * katello-glue-candlepin-0.1.222-2.el6.noarch * katello-trusted-ssl-cert-1.0-1.noarch * katello-glue-pulp-0.1.222-2.el6.noarch * katello-all-0.1.222-2.el6.noarch * katello-repos-0.1.5-1.el6.noarch * katello-glue-foreman-0.1.222-2.el6.noarch * katello-0.1.222-2.el6.noarch * katello-configure-0.1.61-2.el6.noarch * katello-qpid-broker-key-pair-1.0-1.noarch * katello-cli-0.1.44-2.el6.noarch * katello-common-0.1.222-2.el6.noarch * katello-selinux-0.1.3-1.el6.noarch * katello-httpd-ssl-key-pair-1.0-1.noarch * pulp-common-0.0.265-1.el6.noarch * pulp-0.0.265-1.el6.noarch * katello-glue-candlepin-0.1.222-2.el6.noarch * candlepin-tomcat6-0.5.16-1.el6.noarch * candlepin-0.5.16-1.el6.noarch getting rid of 6.0.0 version since that doesn't exist |